Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 234684 - www-servers/tomcat-6.0.18 stabilization request
Summary: www-servers/tomcat-6.0.18 stabilization request
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Java team
URL:
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks: CVE-2008-1947
  Show dependency tree
 
Reported: 2008-08-13 22:29 UTC by William L. Thomson Jr. (RETIRED)
Modified: 2011-10-30 22:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description William L. Thomson Jr. (RETIRED) gentoo-dev 2008-08-13 22:29:29 UTC
Please stabilize the latest version ASAP due to some security issues in blocked bug.
Comment 1 Jonas Pedersen 2008-08-14 15:41:29 UTC
dev-java/tomcat-servlet-api-6.0.18  USE="-source"
www-servers/tomcat-6.0.18  USE="test -doc -examples -source"

1. Both packages emerges on AMD64. It is however only tested with SUN's 1.6 JVM/JDK. 
2. No collisions etc. 
3. Works on my server. Hosting a picture gallery made in java on the server and that still works. 

Portage 2.1.4.4 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r8 x86_64 AMD Athlon(tm) 64 Processor 3700+
Timestamp of tree: Wed, 13 Aug 2008 22:36:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r13, 2.5.2-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r2
sys-devel/automake:  1.7.9-r1, 1.10.1
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distlocks metadata-transfer multilib-strict sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://gentoo.mirror.web4u.cz/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.mirror.web4u.cz/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
LC_ALL="en_DK.utf8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow acl amd64 apache2 berkdb cli cracklib crypt cups dri fortran gdbm gpm iconv imap isdnlog java5 jpeg midi mmx mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl png pppd python readline reflection session spl sse sse2 ssl tcpd unicode xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i810 mach64 mga neomagic nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 2 nixnut (RETIRED) gentoo-dev 2008-08-14 16:47:16 UTC
ppc stable
Comment 3 Markus Meier gentoo-dev 2008-08-15 20:01:58 UTC
amd64/x86 stable, thanks for testing Jonas!
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-08-24 11:00:39 UTC
mhh.. I haven't seen this bug because security@g.o is in CC.. Don't we normally do it the other way around? i.e. assign bugs to security and CC the maintainer etc?

anyways.. stable on ppc64:

dev-java/tomcat-servlet-api-6.0.18
www-servers/tomcat-6.0.18
Comment 5 William L. Thomson Jr. (RETIRED) gentoo-dev 2008-08-27 11:27:00 UTC
(In reply to comment #4)
> mhh.. I haven't seen this bug because security@g.o is in CC.. Don't we normally
> do it the other way around? i.e. assign bugs to security and CC the maintainer
> etc?

Possible, getting rusty and off my game. Wasn't sure if I should use sec bug for stabilization or what. Also I think we can close this one. Leaving the other.


Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-08-27 13:49:05 UTC
(In reply to comment #5)
> Possible, getting rusty and off my game. Wasn't sure if I should use sec bug
> for stabilization or what. Also I think we can close this one. Leaving the
> other.

Yep, we can close this. Usually you should use security bugs for stabling, either CC arches or leave a comment and the security team will take care of that.